Skip to content

workflows/staging-tests: add missing identity check #307

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Nov 21, 2022
Merged

workflows/staging-tests: add missing identity check #307

merged 5 commits into from
Nov 21, 2022

Conversation

woodruffw
Copy link
Member

@woodruffw woodruffw commented Nov 21, 2022
edited by di
Loading

#299 made --cert-identity mandatory, so this should fix the staging tests by using it.

Fixes #306.

Signed-off-by: William Woodruff william@trailofbits.com

@woodruffw
workflows/staging-tests: add missing identity check
e3a1b51 
Signed-off-by: William Woodruff <william@trailofbits.com>
@woodruffw woodruffw requested review from di and tetsuo-cpp November 21, 2022 17:48
@woodruffw woodruffw self-assigned this Nov 21, 2022
@woodruffw
Copy link
Member Author

I'm going to push up a temporary commit enabling it on this branch to confirm it works, then revert.

@woodruffw
workflows/staging-tests: temporarily run on this branch
03cee74 
Signed-off-by: William Woodruff <william@trailofbits.com>
di
di previously approved these changes Nov 21, 2022
View reviewed changes
@di
Copy link
Member

di commented Nov 21, 2022

Failure reason: Certificate's SANs do not match https://github.com/sigstore/sigstore-python/.github/.workflows/staging-tests.yml@refs/heads/ww/fix-integration

Might be nice to have this say what the SAN actually is/are.

@woodruffw
workflows/staging-tests: typo
a30f82e 
Signed-off-by: William Woodruff <william@trailofbits.com>
@woodruffw
Copy link
Member Author

Might be nice to have this say what the SAN actually is/are.

Yeah, I was thinking about how best to expose this: the cert can potentially have multiple SANs of multiple types (I believe Fulcio currently only allows one SAN, but maybe we shouldn't assume that?).

I'll do that in a follow-up.

@woodruffw
workflows/staging-tests: disable temporary branch test
fc6c4b2 
Signed-off-by: William Woodruff <william@trailofbits.com>
@woodruffw woodruffw requested a review from di November 21, 2022 17:52
@woodruffw
Copy link
Member Author

Confirmed that the conformance suite is passing, so this should be good to go.

@woodruffw woodruffw enabled auto-merge (squash) November 21, 2022 17:56
@woodruffw woodruffw mentioned this pull request Nov 21, 2022
Merged
@woodruffw
Copy link
Member Author

Opened #309 for the failure reason side.

@woodruffw woodruffw merged commit 5f4dabf into main Nov 21, 2022
@woodruffw woodruffw deleted the ww/fix-integration branch November 21, 2022 20:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@di di di approved these changes

@tetsuo-cpp tetsuo-cpp Awaiting requested review from tetsuo-cpp

Assignees

@woodruffw woodruffw

Labels
component:cicd CI/CD
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[CI] Integration failure: staging instance
2 participants
@woodruffw @di